HTTP Headers Analysis for https://mail.latino.aol.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Good

base-uri; child-src; connect-src; +9 more

base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://3p-udc.yahoo.com https://3p-geo.yahoo.com https://www.google-analytics.com https://*.aol.com https://guce.aol.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://fn.or.ipqualityscore.com https://fn.eu.ipqualityscore.com https://fn.us.ipqualityscore.com https://fn.nc.ipqualityscore.com https://or.ipqualityscore.com https://fn.us.ipqsnet.com https://fn.eu.ipqsnet.com https://fn.nc.ipqsnet.com https://dtproxy5.yahoo.nc.clients.ipqs.com https://dtproxy6.yahoo.nc.clients.ipqs.com https://dtproxy5.yahoo.eu.clients.ipqs.com https://dtproxy6.yahoo.eu.clients.ipqs.com https://dtproxy5.yahoo.or.clients.ipqs.com https://dtproxy6.yahoo.or.clients.ipqs.com https://s.yimg.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://*.aol.com https://www.aol.co.uk https://www.aol.de https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com https://3p-geo.yahoo.com https://www.googletagmanager.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://www.googletagmanager.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js 'nonce-dRR+an49KNLUl/ReqfJlEZVZEjG6kHliVtzbA/3E9Lqb9h6I' ;style-src * 'unsafe-inline'

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

keep-alive

Vary

Performance

Accept-Encoding

Caching Headers

4 headers

Age

Caching

0

Cache-Control

Caching

no-cache, no-store, must-revalidate

Expires

Caching

0

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

39160

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

ATS

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

AS=v=1&s=fQYD5E2b&d=A691d1a87|2IL.i_r.2SqoqCu6NSditzNMYYiydfRp.EboRozRAqUw3rPNPF4uSXu9Dj_n6IQ1INkunMRV08N5zqfdNqce3EIkCaS5KHGFUIFcnh9c8DJN1LYhXhYq0Tvh6XyVn7Q.yiEr8vjyo0SeNQRG2RpHLQZBQifC9l5DqczZGcWI892VNLakYwkjNYthVaoQOGrWcBC9jKnqCI4O5lwN0aRS35NVXMk1SKSZgqK5uKQY4AfD4Q7eIyLbj1QE0_zjoIL92hS.9kWZG_JrL_dOqTowEO6_dRs.2jPBuoR8Jn4g5vqHiBaeSYyetwFqJmq.Ip0PnToCyVR4YTLKYMdRBJ3OU1NFD6i0uCZL4f6zXMA5VzoO4IihT1bEUpNmJw4NTT5Zbe79QuYdCONw63X63Ohjb7AtaXUVFb1JnP6RdlT1LjdCsBLBknX3HFioGIMYofhUtQ_KtFkzVihcpGGNEbk2zj6z5FCrWEAKLSvhzOIEUvygYKY5pKU4l1a_MSaEz_egH526Pdm097RNYoJe3ZWm05G.fwmm2WEr4a4LiP4s2_pG4SE7ZH0oH6NunBTMTkbXVKDViQqTqIjcZuM6LGupgFpYhBj.dBRvGde_Xel2x8V_ryqNCjUGzrg_Q5mU0Xst55gnAWlLmSlNRbjlWNlrXUGRhSOKVgZuqehWUGLPqZjGdJNKBYw5AVuJvxkk_AOSEq0BHPqZ5k.WVWvm2LUvpbtDerFdXzbDa8cYbCeqfvverZr_9mhWWPRr.AvsQUgwg.ae6sFO_POW9gmj3eJUeaBSTD69gpFHNQ7ta.2uQwHElNq5L3y8_x06l3DciFomfUrMZcAoRBk01PWXyyDtEZkyIext9938Q0d09G8-~A; path=/; domain=login.aol.com; secure; HttpOnly

Other Headers

1 headers

Date

Other

Tue, 18 Nov 2025 01:16:55 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance